Filter
Top Products
In the following example, the software is configured from the file my-config at IP address 192.168.123.59:
Switch# copy tftp://192.168.123.59/my-confg running-config
Download file ‘my-config’ from 192.168.123.59 to running-config? [y/n] y
Accessing tftp://192.168.123.59/my-config...
[OK] 487 bytes copied in time <1 sec
Updating running-config...
To clear the saved configuration, use the following command from privileged mode:
Switch# erase startup-config
5.3 Configuring SNMP
This section discusses the following tasks needed to configure Simple Network Management Protocol (SNMP).
Simple Network Management Protocol (SNMP) is the standard of network management protocols on TCP/IP-based
networks.
SNMP allows network managers to obtain specific performance and configuration information from a software agent
on a remote-network device. SNMP allows different types of networks to communicate by exchanging network
information through messages known as protocol data units (PDUs). The IntraCore IC36240 supports SNMPv1, v2
and v3. The SNMPv3 protocol has improved the authentication, access control, and security methods. The following
sections outline these methods.
5.3.1 Authentication
SNMPv1 relies on IP address-based access lists and community strings that function like a password and is shared
between an SNMP manager and agent. IP address-based access lists can be vulnerable to IP address spoofing.
When there is easy physical access to a network or community strings intercepted, simple network management
operations can reveal network information about any device configured for remote SNMP management.
Because SNMPv3 requires that, both the SNMP manager and agent share a secret authentication key, to ensure
security in your network use the SNMPv3 protocol. Each SNMPv3 packet carries the user's name and key. The key is
generated from a user password by using a secure hash function.
The User-based Security Model (USM) for SNMPv3 defines two authentication protocols: HMAC-MD5-96, which is
based on MD5 (faster). The MD5 protocol must be implemented in an SNMPv3 environment.
MD5 is a hashing algorithm. When a message concatenated with a user's key is received, the system generates a
fingerprint for the string. After the hash is performed, the fingerprint is added to the message (without the key).
Sending this fingerprint with the message protects it from both the Modification of Information and Masquerade
security threats. If any of the data in the packet is modified after the original is transmitted, it is detected when the
hash is performed on the received message (minus the fingerprint, plus the users key), and the result is compared to
the fingerprint that was received. This process also protects the network from Masquerade attack because the scope
of the authentication includes the message's origin. In this way, both the identity of the sender and integrity of the
message can be verified.
5.3.2 Access Control
SNMPv3 allows for the definition of multiple access controls. Access control is a security function performed at the
PDU level. Strong access control demands strong authentication, which SNMPv3 does have.
43 Asante IntraCore IC36240 User’s Manual